Tuesday, January 19, 2010

Beware of skimmers stealing your ATM card identity

Today I was startled by the news that BCA bank customers in Kuta had mysteriously lost money from their balances. The story was widely covered on detiknews:
Jakarta - Five BCA Kuta customers reported to the police because their savings had decreased even though they had made no withdrawals. BCA indicated that the theft occurred because their PINs had been spied on by criminals.
"It is indicated that PINs were spied on by unauthorized parties while customers were making transactions at BCA ATMCs in Bali some time ago," said BCA's release to detikcom, Wednesday (20/1/2010).
Living in Kuta, I was shocked and immediately checked my balance through BCA e-banking to make sure I had not become a victim of the same thing. It turned out my balance was still intact. What a relief...

So, this afternoon, while reading news in Google Reader's recommended items, I came across a story discussing this kind of ATM card data theft. Found it on krebsonsecurity:
Pictured below is what’s known as a skimmer, or a device made to be affixed to the mouth of an ATM and secretly swipe credit and debit card information when bank customers slip their cards into the machines to pull out money. Skimmers have been around for years, of course, but thieves are constantly improving them, and the device pictured below is a perfect example of that evolution. This particular skimmer was found Dec. 6, 2009, attached to the front of a Citibank ATM in Woodland Hills, Calif. Would you have been able to spot this?

This is a fairly professional job: Notice how the bulk of the electronics fit into the flap below the card acceptance slot. Also, check out the tiny pinhole camera (pictured below), ostensibly designed to switch on and record the victim’s movements as he or she enters their PIN at the ATM.
Wow! That is really hard to detect! From now on, whenever I want to withdraw money from an ATM, it seems I'll have to wiggle the mouth of the card slot first :P

Wednesday, January 13, 2010

SPAM

This whole time, I've been very careful with my email. I never gave it out easily, never registered on any shady website, never displayed it in a public space; I never risked my email. Why? Because I love my current email. This is my professional-looking personal email. You know, the one using the firstname.lastname@domain.com format. It's not one of those embarrassing old email addresses like cute_babe@yahoo.com or neo_cool@hotmail.com (which looked cool back in 2000, the 'matrix' age). I love this email address and I don't want it to be ruined by spam, so I take precautions when giving it out.

Did you know that Gmail has this nice feature where you can have unlimited aliases for your email address?
Using an address alias

Gmail doesn't offer traditional aliases, but you can receive messages sent to your.username+any.alias@gmail.com. For example, messages sent to jane.doe+notes@gmail.com are delivered to jane.doe@gmail.com.

You can set up filters to automatically direct these messages to Trash, apply a label or star, skip the inbox, or forward to another email account.
I've been using this technique for a while now. For example, when I register on vimeo, I use address+vimeo@gmail.com. At wordpress I use myemailaddress+wordpress@gmail.com. It's a bit tiring, especially when I forget the password for those sites and have to guess what plus word I used when registering. It's usually the domain name, but sometimes it's not.

This morning I found out that my precaution is paying off. I got this email from josnke@rosyvalley.com claiming to be from the best drug store in Canada. Of course the Gmail spam filter correctly identified it as SPAM, but still, it's very annoying. I always check my emails first thing in the morning, and spam email is not fun (I check my emails every morning while having breakfast, and reading about d*ck enlarger drugs really kills my appetite). Now I have to waste more time checking the SPAM folder for any false positives, because even the Gmail spam filter is not perfect.

I was ready to say goodbye to my spam-free inbox until I checked the email details. Turns out it was sent to myaddress+seesmic@gmail.com. Wow! I never thought seesmic would stoop so low as to sell my contact information to spammers. A quick googling reveals that they're not that low:
Over the weekend, we were informed through Twitter that some users received spam to their email accounts specifically used for the TeamSeesmic newsletter. After working directly with certain users - collecting and assessing the information - we contacted our email newsletter provider, Aweber, to help us investigate and address this issue.

Yesterday, Aweber released this statement on their blog:
http://www.aweber.com/blog/uncategorized/data-compromise.htm

In essence, Aweber was a victim of vulnerabilities, and the issue was limited to areas where subscriber email addresses were stored for all their clients.
Hm.. Okay. Seesmic is not guilty. What about my email? Well, simple. I just created a new filter with this rule:
If sent to myaddress+seesmic@gmail.com move to trash
There. Done.


PS: This post has been sitting for a while in my draft folder, somehow I forgot to hit the publish button :P
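The alias-per-site trick above also works in bulk. The following is an added example, not code from the original post: it tallies which plus-alias each spam message was addressed to, so a leaked mailing list stands out. `myaddress@gmail.com` and the seesmic alias come from the post; the other sample messages and all function names are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

MAILBOX = "myaddress@gmail.com"  # placeholder address used in the post

def plus_tag(address, mailbox=MAILBOX):
    """Return the +tag of an alias of mailbox, '' if untagged, None if not ours."""
    local, _, domain = address.lower().rpartition("@")
    my_local, _, my_domain = mailbox.lower().rpartition("@")
    base, _, tag = local.partition("+")
    # Gmail ignores dots in the local part, so compare with dots removed.
    if domain != my_domain or base.replace(".", "") != my_local.replace(".", ""):
        return None
    return tag

def leaked_aliases(raw_messages, mailbox=MAILBOX):
    """Count spam messages per alias; a high count points at the leaking list."""
    counts = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        headers = []
        for name in ("Delivered-To", "To", "Cc"):
            headers.extend(msg.get_all(name, []))
        tags = {plus_tag(addr, mailbox) for _, addr in getaddresses(headers)}
        tags.discard(None)
        if not tags:
            continue  # not addressed to this mailbox in any visible header
        named = tags - {""}
        counts.update(named or {"(no alias)"})
    return counts

def _spam(sender, to):
    """Build a minimal raw message (constructed sample, not real mail)."""
    return f"From: {sender}\nTo: {to}\nSubject: constructed sample\n\nbody\n"

# Constructed spam-folder contents; only the first pair appears in the post.
SAMPLE_SPAM = [
    _spam("josnke@rosyvalley.com", "myaddress+seesmic@gmail.com"),
    _spam("promo@pharmacy.example", "Me <My.Address+Seesmic@gmail.com>"),
    _spam("win@lottery.example", "myaddress@gmail.com"),
    _spam("news@other.example", "someone.else@gmail.com"),
]

if __name__ == "__main__":
    for alias, n in leaked_aliases(SAMPLE_SPAM).most_common():
        print(f"{alias}: {n}")
```

An alias that shows up here was either sold or exposed in a breach at the service it was given to, and it can be retired with a single filter without touching the base address.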

Dakar Rally 2010 - The Big Picture

As usual, The Big Picture from The Boston Globe brings us a gallery of breathtaking images. This time from the Dakar Rally 2010. Number 12 is my favorite.

Posted via web from Fajar's posterous

Tuesday, December 8, 2009

Basic Instructions - How to Save Money

I'm on a money saving quest for that shiny new D5000. I need all the tips I can get. Got any tips?

PS: I did successfully smuggle drinks to a karaoke once. Or twice. It feels gooood :D


Friday, November 27, 2009

How many pictures have you taken on your camera?

Anggia at dreamland

I’ve taken like 4000 pictures on my cell phone camera. Cell phone! I seriously need a dedicated camera.

Wednesday, September 9, 2009

The Pursuit of Happyness

Now the question is, are you happy?


Monday, August 10, 2009

Bali 10K Marathon

So yesterday I participated in a 10 Kilometer (6.2 Miles) marathon, Bali10K. I was partly inspired by Matt Cutts' post in which he announced that he had registered for a sprint triathlon. The idea was to have "one experience you look back on with pride for your entire life".

My target was to win the race. Yes, first place. It turned out to be a terrible mistake. I found out that humans are not meant to travel 10 Km on foot. At least not modern humans. We are utterly spoiled by vehicles and all the new means of transportation. I suspect that every other runner who finished in front of me is actually a primitive primate brought to the future by the marathon committee to secure the prizes (this includes a 7 year old Japanese boy, and a French couple that kept chattering along the route).

If there's one thing I've learnt from the marathon, it is that the pride in a marathon is not in the win, but in the finish.
Meet the finisher:

from Aris, from Helmi